Towards A New Type of Prover: On the Benefits of Discovering Sequences of “Related” Proofs
David M. Cerna
April 10th, 2019
slide 1/29
State of this work
◮ Disclaimer: This investigation is in a very early stage.
◮ Essentially, we have just started looking for promising ways to circumvent a fundamental issue concerning the instance generalization prover VIPER.
◮ The instance proofs need to be “related” and/or “uniform”.
◮ For some proof sequences this comes naturally.
◮ For most it is anything but natural.
◮ In this talk we
  ◮ Introduce the method,
  ◮ Discuss its capabilities, and
  ◮ Discuss characterizations of relatedness.
slide 2/29
Induction: The Difficulty of Generalization
◮ Inductive theorem proving: find a pattern which follows from the provided axioms and can be used to prove any instance of the goal statement.
◮ This pattern is usually referred to as the induction invariant.
◮ As many here will probably know, invariant discovery is in general undecidable.
◮ There exist weak theories of arithmetic where this problem is actually decidable, e.g. Presburger arithmetic and [Aravantinos et al., 2013].
slide 3/29
Existing Methods
◮ There are many different approaches to invariant discovery; we will only name a few:
  ◮ Loop-Discovery Provers [Aravantinos et al., 2011]
  ◮ Lemma Generation and testing [Claessen et al., 2013]
  ◮ Rippling [Bundy et al., 2005]
  ◮ Superposition based methods [Cruanes, 2015]
  ◮ Cycle discovery [Brotherston, 2012]
  ◮ and Instance proof generalization [Pearson, 1995] [Eberhard and Hetzl, 2015]
◮ This last approach will be the focus of this talk.
slide 4/29
Background: Gentzen’s Sequent Calculus
◮ The sequent calculus applies inferences to objects referred to as sequents ∆ ⊢ Π, where ∆ and Π are multisets of well-formed formulas. Chaining inferences forms proof trees.
◮ Semantically, a sequent means: given ∆ we may derive Π.
◮ Note that this interpretation implies that ∆ is essentially a conjunction of formulas and Π is a disjunction.
◮ The sequent calculus inferences are as follows:

Axiom Inferences

$$\frac{}{A \vdash A}\ \mathrm{Ax}$$

slide 5/29
Gentzen’s Sequent Calculus

Structural Inferences

$$\frac{\Gamma \vdash \Delta}{D, \Gamma \vdash \Delta}\ w{:}l \qquad \frac{\Gamma \vdash \Delta}{\Gamma \vdash \Delta, D}\ w{:}r$$

$$\frac{D, D, \Gamma \vdash \Delta}{D, \Gamma \vdash \Delta}\ c{:}l \qquad \frac{\Gamma \vdash \Delta, D, D}{\Gamma \vdash \Delta, D}\ c{:}r$$

$$\frac{\Gamma \vdash \Delta, C \qquad C, \Gamma' \vdash \Delta'}{\Gamma, \Gamma' \vdash \Delta, \Delta'}\ cut$$

slide 6/29
Gentzen’s Sequent Calculus

Logical Inferences

$$\frac{\Gamma \vdash \Delta, D}{\neg D, \Gamma \vdash \Delta}\ \neg{:}l \qquad \frac{D, \Gamma \vdash \Delta}{\Gamma \vdash \Delta, \neg D}\ \neg{:}r$$

$$\frac{C, \Gamma \vdash \Delta}{C \wedge D, \Gamma \vdash \Delta}\ \wedge{:}l \qquad \frac{D, \Gamma \vdash \Delta}{C \wedge D, \Gamma \vdash \Delta}\ \wedge{:}l \qquad \frac{\Gamma \vdash \Delta, C \qquad \Gamma \vdash \Delta, D}{\Gamma \vdash \Delta, C \wedge D}\ \wedge{:}r$$

$$\frac{\Gamma \vdash \Delta, C}{\Gamma \vdash \Delta, C \vee D}\ \vee{:}r \qquad \frac{\Gamma \vdash \Delta, D}{\Gamma \vdash \Delta, C \vee D}\ \vee{:}r \qquad \frac{C, \Gamma \vdash \Delta \qquad D, \Gamma \vdash \Delta}{C \vee D, \Gamma \vdash \Delta}\ \vee{:}l$$

$$\frac{C, \Gamma \vdash \Delta, D}{\Gamma \vdash \Delta, C \to D}\ \to{:}r \qquad \frac{\Gamma \vdash \Delta, C \qquad D, \Gamma \vdash \Delta}{C \to D, \Gamma \vdash \Delta}\ \to{:}l$$

slide 7/29
Gentzen’s Sequent Calculus

Quantifier Inferences

$$\frac{\Gamma \vdash \Delta, F(\alpha)}{\Gamma \vdash \Delta, \forall x\, F(x)}\ \forall{:}r \qquad \frac{F(t), \Gamma \vdash \Delta}{\forall x\, F(x), \Gamma \vdash \Delta}\ \forall{:}l$$

$$\frac{\Gamma \vdash \Delta, F(t)}{\Gamma \vdash \Delta, \exists x\, F(x)}\ \exists{:}r \qquad \frac{F(\alpha), \Gamma \vdash \Delta}{\exists x\, F(x), \Gamma \vdash \Delta}\ \exists{:}l$$

◮ Note that for ∃:l and ∀:r, α may not occur in Γ or ∆. These rules are referred to as strong quantification, i.e. they require an eigenvariable; the other rules are referred to as weak.

Equational Axioms

$$\frac{}{\vdash x = x}\ Re$$

$$\frac{}{x_1 = y_1, \cdots, x_n = y_n, P(x_1, \cdots, x_n) \vdash P(y_1, \cdots, y_n)}\ P_{=}$$

$$\frac{}{x_1 = y_1, \cdots, x_n = y_n \vdash f(x_1, \cdots, x_n) = f(y_1, \cdots, y_n)}\ f_{=}$$

slide 8/29
Example Sequent Proof with Cut
◮ Green sequents represent cuts.
[proof tree figure]
slide 9/29

Example Sequent Proof without Cut
◮ Cannot eliminate atomic equational cuts.
[proof tree figure]
slide 10/29

Example Sequent Proof with Cut: Sun Burst
[proof tree figure]
slide 11/29

Example Sequent Proof without Cut: Sun Burst
[proof tree figure]
slide 12/29
Induction and the LK-calculus
◮ The theory of Peano arithmetic may be formalized as a theory extension of the LK-calculus with equality.
◮ Other than the axioms for successor, addition, and multiplication, one needs to add the following inference:

$$\frac{\Pi \vdash \Delta, \varphi(0) \qquad \Pi, \varphi(\alpha) \vdash \Delta, \varphi(s(\alpha))}{\Pi \vdash \Delta, \varphi(\beta)}\ IND$$

◮ Alternatively one could consider adding the ω-rule, which requires a proof of each instance of the main formula:

$$\frac{\Pi \vdash \Delta, \varphi(n) \quad \text{for all } n \in \mathbb{N}}{\Pi \vdash \Delta, \varphi(\beta)}\ \omega$$

◮ Without restrictions, the ω-rule is seemingly useless for practical cases.
slide 13/29
Finitely describable sequences
◮ Fortunately, the primitive recursive ω-rule [J. Shoenfield 1959] is expressive enough to prove totality of all functions provably total in Peano arithmetic.
◮ Great, a useful ω-rule, but how does one develop a finite description of a proof sequence?
◮ Maybe a little more specific: what can we do with ϕ(0), ··· , ϕ(n) for n < ∞?
◮ This is the topic of “Inductive theorem proving based on tree grammars” by S. Eberhard and S. Hetzl (2015).
slide 14/29
Cut-freeness and the Herbrand Instances
◮ Not just any ϕ(0), ··· , ϕ(n) will do; we need the proofs to have particular properties.
◮ They should be proofs of the same statement.
◮ They should also be cut-free.
◮ Cut-free proofs, other than being massive and being produced by theorem provers, have particular properties.

Theorem (Mid-Sequent Theorem)
Let S be a sequent of prenex formulas. Then there exists a cut-free proof π of S s.t. π contains a sequent S′ s.t.
◮ S′ is quantifier free.
◮ Every inference above S′ is structural or propositional.
◮ Every inference below S′ is structural or a quantifier inference.

◮ What if we limit S to a sequent only containing weak quantification?
slide 15/29
Cut-freeness and the Herbrand Instances
◮ No strong quantification means no eigenvariables and thus all terms are existential witnesses.
◮ Collecting those witnesses gives us Herbrand’s Theorem.

Theorem (Herbrand’s Theorem)
Let S be a sequent of the form $\forall \bar{x}\, \varphi(\bar{x}) \vdash \exists \bar{x}\, \psi(\bar{x})$. S is valid if and only if there exists a sequence of term vectors $\bar{t}_1, \cdots, \bar{t}_n$ s.t.

$$\bigwedge_{i=0}^{k} \varphi(\bar{t}_i) \vdash \bigvee_{i=0}^{k} \psi(\bar{t}_i)$$

is valid.

◮ Cut-free (weakly quantified end sequent) ⟹ weak mid-sequent ⟹ Herbrand instances.
slide 16/29
Using First-Order Instance Proofs
◮ Let ϕ(β) be quantifier-free, ∆ contain only weakly quantified formulas, and ∆ ⊢ ϕ(β) be the main sequent of a sound application of the ω-rule.
◮ Furthermore, each instance ϕ(n), for n ∈ ℕ, is provable without induction.
◮ We can ask a first-order theorem prover for a proof π_n of ϕ(n).
◮ Each π_n is cut-free (atomic cuts don’t count) and thus the Herbrand instances H_n may be extracted.
◮ At this point we can build a tree grammar G_n whose language is precisely H_n.
◮ Notice that G_n is specific to a particular π_n.
slide 17/29
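As an added example (not code from the talk or from VIPER), the following Python script makes the Herbrand-instance view of slides 16 and 17 concrete for a constructed theory ∆ = {∀x (P(x) → P(s(x))), P(0)} with instance goals ϕ(n) = P(sⁿ(0)): it builds the witness set H_n = {0, s(0), …, s^(n−1)(0)} that a cut-free proof of ϕ(n) uses, forms the quantifier-free instance sequent, and checks it propositionally by truth table, which Herbrand’s Theorem says suffices for a weakly quantified end sequent. The theory, the term encoding and all function names are assumptions of this example.

```python
from itertools import product

# Constructed theory (an assumption, not from the slides):
#   Delta = { forall x (P(x) -> P(s(x))), P(0) },  goal phi(n) = P(s^n(0)).
# Formulas are tuples ('atom', name) or ('imp', A, B); terms are strings.

def num(n):
    """Numeral s^n(0) as a term string, e.g. num(2) == 's(s(0))'."""
    t = "0"
    for _ in range(n):
        t = f"s({t})"
    return t

def herbrand_instances(n):
    """H_n: witnesses 0, s(0), ..., s^(n-1)(0) used for the forall axiom."""
    return [num(i) for i in range(n)]

def instance_sequent(n, witnesses):
    """Quantifier-free instance sequent (antecedent, succedent): the forall
    axiom instantiated at each witness, plus P(0), should prove P(s^n(0))."""
    ante = [("imp", ("atom", f"P({t})"), ("atom", f"P(s({t}))")) for t in witnesses]
    ante.append(("atom", "P(0)"))
    return ante, [("atom", f"P({num(n)})")]

def atoms(f, acc):
    """Collect the atom names occurring in formula f into the set acc."""
    if f[0] == "atom":
        acc.add(f[1])
    else:
        atoms(f[1], acc)
        atoms(f[2], acc)
    return acc

def holds(f, v):
    """Evaluate f under valuation v (dict: atom name -> bool)."""
    if f[0] == "atom":
        return v[f[1]]
    return (not holds(f[1], v)) or holds(f[2], v)

def valid(sequent):
    """Truth-table check of Gamma |- Delta: no valuation makes every
    antecedent formula true and every succedent formula false."""
    ante, succ = sequent
    names = sorted(set().union(*(atoms(f, set()) for f in ante + succ)))
    for bits in product([False, True], repeat=len(names)):
        v = dict(zip(names, bits))
        if all(holds(f, v) for f in ante) and not any(holds(f, v) for f in succ):
            return False
    return True
```

`valid(instance_sequent(3, herbrand_instances(3)))` is True while `valid(instance_sequent(3, herbrand_instances(2)))` is False, so H_n is exactly the uniform witness set that grows with n, which is the kind of related proof sequence the talk is after.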